Shulou(Shulou.com)06/02 Report--

This article mainly explains the "Linux system special permissions detailed explanation", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "Linux system special permissions detailed explanation" bar!

Catalogue

0x01 introduction

Detailed explanation of 0x02 Special permissions

0x01 introduction

Linux has a total of 12 permissions, including 3 special permissions in addition to the 9-bit permissions of rwxrwxrwx mentioned earlier.

Suid bit: setuid, denoted by S, if there is x on the x bit of the user bit, the corresponding number is 4, and the permissions related to the user

Sgid bit: setgid, denoted by S, if there is x on the x bit of the user group, the corresponding number is 2, and the permissions related to the user group

Sticky bit, sticky bit, expressed by T, and t if there is x on the x bit corresponding to other user groups, the corresponding number is 1, and the permissions related to other user groups

A special directory for sticky bits is the tmp directory.

Detailed explanation of 0x02 Special permissions

Suid

Suid allows ordinary users to use root or other user roles to run commands or programs that only root or other accounts can run, or program commands correspond to files that do not have permission to operate. Suid sets special permissions for a command, and the user is the owner.

Here is an example to illustrate this problem.

First add a new user and set a password for it

Let's make it clear whether the shadow file will be changed if the password is changed.

It shows that the shadow file has indeed been changed, and what is the permission of shadow?

You will find that only root users have write permissions. Does that mean that other users cannot change their passwords?

In fact, this is not the case. Other users can also change their passwords. Because of the special permissions of this file, it can be found that it has suid permissions, so any user executing this command will have the corresponding permissions of this command. In this case, any user who executes this command will have root permissions.

Let's take another look at it with a delete operation

Let's take a look at the delete operation by default

What happens if we add suid privileges to the delete command?

You can find that suid permissions have been added, and files that can only be operated by root users can be deleted by using low-privilege users.

At this point, you can basically understand the use of suid, but there are a few points to pay attention to.

Suid is only valid for binary command programs and cannot be used on script files such as shell, and suid permissions are valid only during command execution.

We can search which files have s permission.

Find / bin-type f-perm 4755-exec ls-l {}\

We will mention this thing again later when we use suid to raise rights.

If you don't know much about this find command, you can go to "Linux File search Command detailed explanation".

Sgid

Sgid is related to user groups. Unlike suid, sgid can target both files and directories.

For files, sgid is only valid for binary command programs, and the user who executes the command can get the permission of the group to which the program belongs during execution. Suid has the permission of this user.

For directories (inheriting the groups to which the directory belongs), Linux creates files by default, and the default users and groups are its own. Sgid allows users to create files and directories in this directory with the same user group settings as this directory.

Instead of giving an example here, it is in the same way as verified by suid.

Sticky position

The stickiness bit means that you can put content in it, but you can't manipulate the directory.

Thank you for your reading, the above is the content of "detailed explanation of the Special permissions of the Linux system". After the study of this article, I believe you have a deeper understanding of the detailed interpretation of the special permissions of the Linux system, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.